Posted by samzenpus on Wednesday May 07, 2008 @06:00PM from the protect-the-collective dept.

SecureThroughObscure writes "ZDNet Zero-Day security blogger Nate McFeters got an exclusive look at the Microsoft Blue Hat conference. This is an invite-only conference that few media get to attend, but apparently McFeters was brought in with co-worker Rob Carter to talk about some vulnerabilities they had discovered with a few product security teams in attendance, and was also asked to do a guest blog posting about the conference at the Microsoft Blue Hat blog. McFeters also included several pictures of the conference and after-conference events."

I'd say so, given the recent "Source Fource" and "Open Office XML" names... I wonder up to what extent the dreaded copyright law can be applied here. It'd be interesting to find out, but if OpenOffice is really a registered trademark, then OpenOffice.org might be in trouble if they decide to judge against Microsoft on that hypothetical case.

It's a take-off of the Black Hat security conference, which is vendor neutral. The terms Black hat and White hat are commonly used to describe the intent of security researchers who are either malicious (Black hat) or ethical (White hat).

What users are you talking about? This is a conference internal to Microsoft, with speakers invited (mostly) from the Black Hat conference. It is limited to full-time employees ("blue badges") hence - BlueHat.

No, it's a riff on (a) Black Hat, the industry's leading vulnerability research conference, (b) Black Hat, the term of art for people who break software, and (c) Blue Badges, the slang internal term for MSFT full-timers.

This is worse than the third time Janeway took the Borg head on by becoming a drone... probable but highly unlikely. One would think that a company that boasts itself in the media as much as Microsoft does for being an open book enterprise, that one of their Vulcans would give them a more logical approach. Think about it...

No testing happens at Blue Hat. The idea is from MS to have the best from Black Hat speak to its own people - an idea interchange. It's MS-internal because MS wants its employees to get exposure to this information, and so that MS employees can discuss specifics (with the invitees) that are relevant to them.

You'll get skewered data that we all know they're going to use to bash Linux and support Windows

This site does not rely on data (skewed or otherwise) to put MS on the proverbial skewer. For a very recent example, look at the thread earlier today [slashdot.org] (where one journalist theorizes that MS may a

Besides, all I have to do is uncheck that box in my last screenshot, then with the latest ATI Catalyst drivers, play a WMV file in Media Player Classic and attempt to fast forward. Instant Blue Screen on my PC!

Out of all the stretches for a joke I've seen in this thread this comment was the best so far. There's a well-known association between Microsoft and the dreaded BSOD, especially in Slashdot context. Seems like a fair pun to me.

Hold a conference for only its security people? I mean, it sure looks like employees outnumber the actual guests there, and I suspect the guests are Microsoft contractors or employees of Microsoft Gold Partners that were forced to go by their boss. People actually WANT to attend Black Hat.

> I mean, it sure looks like employees outnumber the actual guests there, and I suspect the guests are Microsoft contractors or employees of Microsoft Gold Partners that were forced to go by their boss.

There are no "actual guests" here. It is strictly MS full-time employees only. Nobody forces anyone to attend.

The summary says "McFeters was brought in with co-worker Rob Carter to talk about some vulnerabilities they had discovered with a few product security teams in attendance" - that makes it sound like Nate and Rob found vulnerabilities in Microsoft products. If you actually read the guest blog entry, it says: "Microsoft had Rob Carter [...] and I come in to discuss some recent vulnerabilities that we've discovered with a few third-party vendors with whom Microsoft has tight relationships"

Probably this is referring to Adobe - Nate and Rob have previously reported [blogspot.com] vulns to them and had them patched.